Hello guys,
I'm creating my own website-it's coming along very well but I'm stuck. There is a login, so that you can login to your account. Each account has an access of 1-10, if your access is 0 you are not logged in. When you put your username and password it checks all of the accounts in the mySQL database. That all works fine, but along with this is a forum, if you are logged in you can post ext.. in the forum, if your not logged in you can only view it. I made it so you can view it but how would i have a variable that worked through all the pages in my website so the forum could say do they have an access of greater than 0?
So i thought... Sessions
My default.php runs includes the different things which include each other and it all works out so that its always "technically" on default.php.
<?php
// Start the session
session_start();
$_SESSION['Username'] = "";
$_SESSION['Access'] = 0;
?>
<html xmlns="http://www.w3.org/1999/xhtml" >
<head>
<title>Website</title>
</head>
<body>
<table width="100%" height="100%" border="0">
<tr height="1%">
<td>
<?php require "menubar.php"; ?>
</td>
</tr>
<tr height="10%">
<td>
<?php require "logo.php"; ?>
</td>
</tr>
<tr valign="top">
<td>
<?php require "main.php"; ?>
</td>
</tr>
</table>
</body>
</html>
I'm not sure if I just don't know how to use Session variables or I'm using them wrong.
here is login.php
<html>
<body>
<?php
if(strlen($_POST['user']) == 0 || strlen($_POST['pass']) == 0)
{
echo "
<center>
<form action=\"?page=Login\" method=\"post\">
<table border=\"0\" width=\"75%\">
<tr>
<td>
Username:
</td>
<td>
<input type=\"text\" name=\"user\" />
</td>
</tr>
<tr>
<td>
Password:
</td>
<td>
<input type=\"password\" name=\"pass\" />
</td>
</tr>
<tr>
<td>
<input type=\"submit\" value=\"Login\" />
<td>
</tr>
</table>
</form>
</center>
";
}
else
{
$mysql_host = "";
$mysql_database = "";
$mysql_user = "";
$mysql_password = "";
$con = mysql_connect($mysql_host,$mysql_user,$mysql_password);
if(!$con)
{
die('Could not connect: ' . mysql_error());
}
mysql_select_db($mysql_database,$con);
$result = mysql_query("SELECT * FROM Accounts");
while($row = mysql_fetch_array($result))
{
if($row['Username'] == $_POST['user'] && $row['Password'] == $_POST['pass'])
{
$_SESSION['Username'] = $row['Username'];
$_SESSION['Access'] = $row['Access'];
echo "<a href=?page=UserCP>You have successfully logged in click here to access User CP.</a>";
}
}
}
?>
</body>
</html>
Thanks and i hope you guys can help me..